MCP Setup Guide
Set up governance for Cursor, Windsurf and Claude Code.
The MCP (Model Context Protocol) Gateway enables governance of tool calls by coding agents like Cursor, Windsurf and Claude Code. Every tool call passes through Palveron for policy checks, PII detection and audit logging.
How It Works
- You register the target MCP server (e.g. your database or email MCP server) with Palveron
- Your coding agent talks to Palveron's per-server proxy endpoint instead of the MCP server directly
- Guardrails check the tool name, parameters and context against your policies
- If approved, the call is forwarded to the actual MCP server
- The result is logged as a trace with a complete audit trail
Step 1 — Register the target MCP server
Palveron can proxy requests to any MCP server. Register servers via the dashboard or API:
Dashboard
- Navigate to MCP Gateway → MCP Servers
- Click + Register Server
- Enter the server URL and authentication details
- Palveron automatically scans the server for available tools
API
curl -X POST https://gateway.palveron.com/api/v1/mcp/servers \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{
"name": "Salesforce MCP",
"server_url": "https://mcp.salesforce.com/sse"
}'Required fields: name, server_url. Optional: description, connector_type, auth_method, auth_config (free-form JSON), is_proxied. The response contains the server id — you need it for the proxy URL below.
From Connector Template
Palveron includes 11 preconfigured connector templates for popular services:
curl -X POST https://gateway.palveron.com/api/v1/mcp/servers/from-template \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{ "template": "salesforce", "name": "Our Salesforce", "server_url": "https://..." }'template is required; name and server_url are optional overrides. Available templates: Salesforce, Microsoft Copilot, ServiceNow, Slack AI, Teams Copilot, Zendesk AI, Intercom Fin, AWS Bedrock, Azure AI, Cursor, Claude Code. Creating from a template also seeds the template's tool policies and triggers an immediate tool scan.
Step 2 — Point your coding agent at the proxy
The governed endpoint is the per-server JSON-RPC proxy:
https://gateway.palveron.com/api/v1/mcp/proxy/{server_id}It accepts any JSON-RPC 2.0 request (initialize and tools/list pass through; tools/call is policy-checked). Optionally send an X-Agent-Id header with a registered agent id so calls are attributed to that agent — an unknown id is treated as anonymous.
Cursor
Open Cursor Settings → MCP Servers → Add Server:
{
"mcpServers": {
"palveron-governed-salesforce": {
"url": "https://gateway.palveron.com/api/v1/mcp/proxy/{server_id}",
"headers": {
"Authorization": "Bearer pv_live_your_project_key",
"X-Agent-Id": "ckagent..."
}
}
}
}Windsurf
Windsurf uses the same MCP configuration format — add the same entry under Windsurf Settings → MCP.
Claude Code
For Claude Code (Anthropic's CLI agent), add the same MCP server entry to your configuration.
For self-hosted deployments, replace the host with your gateway (e.g. http://localhost:8080/api/v1/mcp/proxy/{server_id}).
Step 3 — Tool Policies
Create policies for specific tool calls (bind the policy to a scanned tool via mcp_tool_id from GET /api/v1/mcp/servers/{id}/tools):
curl -X POST https://gateway.palveron.com/api/v1/mcp/policies \
-H "Authorization: Bearer pv_live_your_project_key" \
-H "Content-Type: application/json" \
-d '{
"mcp_tool_id": "clxyz...",
"action": "REQUIRE_APPROVAL",
"reason": "Destructive database operations require human approval"
}'| Action | Behavior |
|---|---|
ALLOW | Tool call is forwarded without intervention |
DENY | Tool call is rejected with a reason |
REQUIRE_APPROVAL | Tool call is paused until a human approves or rejects |
LOG_ONLY | Tool call is forwarded but flagged for review |
Any other action value returns 400 listing the allowed set. See the MCP API reference for the full body.
Approval Queue
When a tool call triggers a REQUIRE_APPROVAL policy, it is placed in the queue:
- The coding agent pauses and waits
- A notification is sent via the configured webhook (Slack/Teams)
- An approver reviews the tool call in the MCP Approvals dashboard
- On approval, the call is forwarded; on rejection, an error is returned
Tool Scanning & Poisoning Detection
Palveron automatically scans registered MCP servers for tool definitions. If a tool's description changes between scans (potential rug pull / tool poisoning), it is flagged:
- Dashboard shows a warning badge on the affected server
- The Command Center surfaces a critical alert
- Optionally, affected tools are automatically blocked pending review
Monitoring
All MCP tool calls appear in the Command Center with dedicated metrics:
- Total tool calls over the selected period
- Blocked tool calls
- Active / failing MCP servers
- Pending approvals
- Suspected poisoning cases
Next Steps
- MCP Servers — Server registration and management
- Tool Policies — Fine-grained tool governance
- API Reference: MCP — Complete MCP endpoint documentation
- Quickstart — General onboarding guide